This article describes how to audit (validate) a system's security using the Solaris Security Toolkit software. You can use the information and procedures in this article to maintain an established security profile after hardening. For systems that are already deployed, you can use this information to assess security before hardening.

Editor's Note: This article is the complete sixth chapter
of the Sun BluePrints™ book, Securing Systems With the Solaris Security
Toolkit, by Alex Noordergraaf and Glenn Brunette (ISBN 0-13-141071-7), which
is available through
http://www.sun.com/books,
amazon.com, and Barnes & Noble bookstores in late June or early July.

This chapter describes how to audit (validate) a system's security using
the Solaris Security Toolkit software. Use the information and procedures in
this chapter for maintaining an established security profile after hardening.
For systems that are already deployed, you may want to use the information in
this chapter to assess security before hardening.

NOTE

The term audit is used in this chapter and book to define the Solaris
Security Toolkit software's automated process of validating a security
posture by comparing it with a predefined security profile. The use of this term
in this publication does not represent a guarantee that a system is completely
secure after using the audit option.

This chapter contains the following topics:

"Maintaining Security"

"Reviewing Security Prior to Hardening"

"Customizing Security Audits"

"Preparing to Audit Security"

"Using Options and Controlling Audit Output"

"Performing a Security Audit"

Maintaining Security

Maintaining security is an ongoing process and is something that must be
reviewed and revisited periodically. Maintaining a secure system requires
vigilance, because the default security configuration for any system tends to
become increasingly open over time. (For more information about maintaining
security, refer to Chapter 2, "Maintaining System Security" on
page 36.)

Based upon user experience and requests, we developed an automated method for
the Solaris Security Toolkit software to audit the security posture of a system,
by determining its level of compliance with a specified security profile.

NOTE

This method is only available in standalone mode, using the
jass-execute -a command, and cannot be used during a
JumpStart installation.

We recommend that you audit the security posture of your systems
periodically, either manually or automatically (for example, from a cron
job or an rc script). For example, after hardening a new installation,
execute the Solaris Security Toolkit software audit command
(jass-execute -a <driver-name>)
five days later to determine whether the system's security has changed from the
state defined by the security profile.

How often you audit security depends on the criticality of the environment
and your security policy. Some users run an audit every hour, every day, or only
once a month. Some users run a mini-scan (limited number of checks) every hour,
and a full scan (with all the possible checks) once a day.
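The following is an added example, not code from the chapter or from the Solaris Security Toolkit itself: a small Bourne-shell wrapper that makes the periodic audit described above cron-friendly by keeping a timestamped copy of each report, appending a one-line PASS/FAIL record to a summary file, and passing the audit's exit status back to the caller. The installation path /opt/SUNWjass/bin/jass-execute, the -o (output file) and -q (quiet) options, the log directory /var/log/jass-audit, the driver names in the crontab comment, and the assumption that jass-execute -a exits non-zero when a check fails are assumptions for illustration; confirm them against the documentation for your Toolkit version.

```shell
#!/bin/sh
# jass-audit.sh: cron-driven wrapper around the Toolkit's audit mode.
# Added example; assumed (not taken from the chapter): install path,
# the -o/-q options, the log directory, and that jass-execute -a
# returns a non-zero exit status when any check fails.
JASS_EXECUTE=${JASS_EXECUTE:-/opt/SUNWjass/bin/jass-execute}
LOGDIR=${LOGDIR:-/var/log/jass-audit}

# run_audit DRIVER
#   Runs jass-execute -a DRIVER, keeps a timestamped copy of the full
#   report under $LOGDIR, appends a PASS/FAIL line to $LOGDIR/summary,
#   and returns the audit's own exit status so cron or a caller can act
#   on drift from the security profile.
run_audit() {
    driver=$1
    [ -n "$driver" ] || { echo "usage: run_audit DRIVER" >&2; return 2; }
    mkdir -p "$LOGDIR" || return 2
    stamp=`date +%Y%m%d-%H%M%S`   # backticks: portable to Solaris /bin/sh
    report="$LOGDIR/$driver.$stamp.log"

    "$JASS_EXECUTE" -a "$driver" -o "$report" -q
    status=$?

    if [ "$status" -eq 0 ]; then
        echo "$stamp $driver PASS" >> "$LOGDIR/summary"
    else
        echo "$stamp $driver FAIL status=$status report=$report" \
            >> "$LOGDIR/summary"
    fi
    return "$status"
}

# newest_result DRIVER
#   Prints PASS or FAIL for the most recent recorded run of DRIVER,
#   for a quick check from a shell or a monitoring script.
newest_result() {
    grep -F " $1 " "$LOGDIR/summary" | tail -1 | awk '{print $3}'
}

# Example crontab entries (hypothetical driver names): an hourly
# mini-scan with a limited driver, and a daily full scan.
#   0 * * * *  /usr/local/sbin/jass-audit.sh mini-scan.driver
#   0 2 * * *  /usr/local/sbin/jass-audit.sh secure.driver
[ $# -eq 0 ] || run_audit "$1"
```

Because the wrapper returns the audit's exit status unchanged, cron's own mail-on-output behaviour and the summary file together give you both an alert and a history of when the system last conformed to its profile.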

Consider auditing an essential component of maintaining the security posture
of deployed systems. If the security posture is not audited periodically,
configurations drift over time, through entropy or through modifications that
unknowingly or maliciously change the desired security posture. Without periodic
review, these changes go undetected and no corrective measures are taken. The
result is a system that becomes less secure and, correspondingly, more
vulnerable.

In addition to periodic audits, we recommend that you perform audits after
upgrades, patches, and other significant system configuration changes.